KellyKeeton dot Com v3.0 reverse engineering life

11 Oct 07

Virtual Server Hardening

So this topic of virtual servers is starting to catch on a bit more. I still think it will go by the wayside like Bluetooth and only people that drink the Intel kool-aid will adopt it, but that's just me; don't get me wrong, I feel there is a place for virtual machines in the data center, the technology and use just isn't impressing me today. The real point of this post is to bring together some of the tips about virtual server security. I say virtual server and not VMware because they aren't the only players in the market; an example is Virtuozzo, who I was just talking with a friend about. I was listening to a PaulDotCom podcast the other day (which, if you're interested, you need to go listen to).

Anywhoo, I have compiled a list of some of the top things to disable or change to harden your virtual environment. The following documents go into further detail, but I wanted to explain a few ideas. The first is disabling unused hardware; examples are the FDD, CD-ROM, USB, and most importantly the NIC. Obviously you can understand the media: not only will it free up resources (other tips are to shut down screensavers and the K-Desktop), but they just aren't typically needed in a virtual environment. The NIC is one that most people overlook (depending on setup and how you have things configured this can be an incorrect tip): they will have a virtual host with the ability to link to your LAN. Now this is particularly an issue if the threat of a virus jumping out of a virtual ever comes to light. If you have a host on a protected network and your VMs are on a DMZ, for example, then once the virtual is hacked your protected network is at risk. The number of times that you should have to touch the host is minimal, so keep the KVM attached and disable the protocols and IP address on the host.

The next topic, which ties in with the first, is to keep similar security devices on the same host, and put that host in the proper subnet for the security of the virtuals. Meaning, don't put your web server on the same host as your financial server, and don't put your web server on the same host as a tool server that is located in your ring 0/1 LAN. If it's a DMZ server and you would have put it there physically, then put it there phys-virtually (that's physically and virtually in one word). So say this with me once again: put like security servers in the proper realm, with the proper virtuals sharing a host.

Now to get a little specific to vendors; an example is VMware. With VMware you have cool things like drag-and-drop file copy, cut and paste, etc. In a server virtual machine you want to shut these enhancements off.
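To make the two points above concrete (the unused hardware from the first list, and the VMware drag-and-drop, copy and paste enhancements just mentioned), here is an added Python script that audits a `.vmx` file for those settings. It is not code from the original post or from VMware. The device keys (`floppy0.present`, `usb.present`, `ideN:M.deviceType`, `ethernetN.present`) and the `isolation.tools.*` keys are the ones VMware's own hardening guidance uses, so check them against the documentation for your version; the sample `.vmx` content, the VM name `web01` and the network name `DMZ` are constructed for the demo.

```python
"""Audit a VMware .vmx file for the hardening points discussed above:
unused virtual hardware left present, NICs whose network placement should be
reviewed, and guest/host isolation features (drag-and-drop, copy, paste)
left enabled.  Added example; not the post's or VMware's own tooling."""
import re
from typing import Dict, List

# .vmx files are flat lines of the form   key = "value"
_VMX_LINE = re.compile(r'^\s*([^#=\s]+)\s*=\s*"?([^"]*)"?\s*$')


def parse_vmx(text: str) -> Dict[str, str]:
    """Return {lowercased key: value} for every key = "value" line."""
    settings: Dict[str, str] = {}
    for line in text.splitlines():
        m = _VMX_LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip()
    return settings


# Devices the post recommends removing from a server VM when not needed:
# (description, key that marks the device as present)
UNUSED_HARDWARE = [
    ("floppy drive", "floppy0.present"),
    ("USB controller", "usb.present"),
]

# Guest/host isolation keys from VMware's hardening guidance (lowercased to
# match parse_vmx output) and the hardened value each should hold.
ISOLATION_EXPECTED = {
    "isolation.tools.copy.disable": "true",
    "isolation.tools.paste.disable": "true",
    "isolation.tools.dnd.disable": "true",
    "isolation.tools.setguioptions.enable": "false",
}


def _is_true(value: str) -> bool:
    return value.strip().lower() == "true"


def audit_vmx(settings: Dict[str, str]) -> List[str]:
    """Return one finding string per hardening point that is not met."""
    findings: List[str] = []
    for desc, key in UNUSED_HARDWARE:
        if _is_true(settings.get(key, "false")):
            findings.append(f"{desc} present ({key} = TRUE); remove it if the server does not need it")
    # CD-ROM drives: any ideN:M / scsiN:M / sataN:M device whose deviceType is a cdrom variant
    for key, value in settings.items():
        if key.endswith(".devicetype") and value.lower().startswith("cdrom"):
            dev = key[: -len(".devicetype")]
            if _is_true(settings.get(dev + ".present", "false")):
                findings.append(f"CD-ROM drive {dev} present; remove or disconnect it when not installing")
    # NICs: list every attached NIC and its network so placement can be confirmed
    for key, value in settings.items():
        if re.fullmatch(r"ethernet\d+\.present", key) and _is_true(value):
            nic = key.split(".")[0]
            net = settings.get(nic + ".networkname", "<unspecified>")
            findings.append(f"{nic} attached to '{net}'; confirm this VM belongs on that network")
    for key, expected in ISOLATION_EXPECTED.items():
        actual = settings.get(key)
        if actual is None or actual.lower() != expected:
            findings.append(f"{key} should be {expected.upper()} (found {actual or 'unset'})")
    return findings


# Constructed sample of an unhardened server VM (names are made up).
SAMPLE_VMX = """\
.encoding = "UTF-8"
config.version = "8"
displayName = "web01"
floppy0.present = "TRUE"
usb.present = "TRUE"
ide1:0.present = "TRUE"
ide1:0.deviceType = "cdrom-image"
ide1:0.fileName = "install.iso"
ethernet0.present = "TRUE"
ethernet0.networkName = "DMZ"
isolation.tools.copy.disable = "FALSE"
isolation.tools.dnd.disable = "TRUE"
"""

if __name__ == "__main__":
    for finding in audit_vmx(parse_vmx(SAMPLE_VMX)):
        print("-", finding)
```

Run it against a real `.vmx` with `audit_vmx(parse_vmx(open(path).read()))`; the sample above produces seven findings (floppy, USB, CD-ROM, the DMZ NIC for review, and three isolation keys), while a VM with the devices removed and all four isolation keys set comes back clean.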

Patch! VMware and Microsoft each have patches for the software they produce; update and patch your software. VMware has no nice patch management notification like Microsoft Update, so patch your software, and also patch your hosts and virtuals for OS and app patches.

VMware has actually published a paper on security with the ESX Server; this has important tips for logs, users, and resource provisioning to prevent denial of service issues.

Also CIS Security is supposed to release hardening guides; however, they also publish good standards for the OS in the virtual, so check them out. Along with that are the Microsoft published Windows 2000 hardening and 2003 hardening guides.

Another interesting summary is from the guys at Petri, specifically because they have screenshots.

Filed under: Security No Comments
11 Oct 07

Cross-Site Request Forgery

A "new" security threat that I thought was rather interesting. Using cross-site request forgery, the idea is that if you have two browsers open, one is your bank and the other is a hack-site. The hack site can use this idea to piggyback on your cookie and session to do things with your bank without you knowing. How? Well, it would just send HTTP POST data (or GET) in the back end of the browser. So what does this mean and why do you care? If this takes off it's nasty till people fix the sites you use. To not fall victim to this, just don't flip browsers while you're browsing; if you are on a site that you feel needs to be secure, close out MySpace.

Also the tool that I use for Google hacking pay-sites is the Mozilla RefControl, which is the underlying idea with this hack.
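To show the mechanism the post describes, and the fix the sites themselves have to apply, here is an added Python simulation; it is not code from the original post. Requests are plain dicts standing in for HTTP, and the bank at `bank.example`, the `hack-site.example` origin, the users `alice` and `mallory`, and the `transfer_vulnerable` / `transfer_hardened` handlers are all constructed for the demo. The vulnerable handler trusts the session cookie alone, which the browser attaches to a POST no matter which tab sent it; the hardened handler additionally requires a per-session anti-forgery token that only the bank's own page can embed, with a Referer check as defense in depth.

```python
"""Cross-site request forgery, simulated: a cookie-only transfer handler
versus one protected by a synchronizer token and a Referer check.
Added example with constructed names; no real server or bank involved."""
import secrets
from typing import Dict

SESSIONS: Dict[str, Dict[str, str]] = {}   # session id -> {"user", "csrf_token"}
BALANCES: Dict[str, int] = {"alice": 100, "mallory": 0}
SITE_ORIGIN = "https://bank.example"        # constructed bank origin


def login(user: str) -> str:
    """Create a session; the returned id is what the browser stores as the cookie."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_hex(16)}
    return sid


def csrf_token_for(sid: str) -> str:
    """The token the bank embeds in its own transfer form (same-origin page only)."""
    return SESSIONS[sid]["csrf_token"]


def _do_transfer(user: str, form: Dict[str, str]) -> str:
    amount, to = int(form["amount"]), form["to"]
    if BALANCES[user] < amount:
        return "400 insufficient funds"
    BALANCES[user] -= amount
    BALANCES[to] = BALANCES.get(to, 0) + amount
    return "200 transferred"


def transfer_vulnerable(request: Dict) -> str:
    """Cookie-only authentication: any POST carrying the cookie is honoured."""
    session = SESSIONS.get(request["cookies"].get("sid", ""))
    if session is None:
        return "401 not logged in"
    return _do_transfer(session["user"], request["form"])


def transfer_hardened(request: Dict) -> str:
    """Same handler with the two standard defences added."""
    session = SESSIONS.get(request["cookies"].get("sid", ""))
    if session is None:
        return "401 not logged in"
    # 1. Synchronizer token: must equal the value bound to this session.  A page
    #    on another origin cannot read the bank's page, so it cannot supply it.
    submitted = request["form"].get("csrf_token", "")
    if not secrets.compare_digest(submitted, session["csrf_token"]):
        return "403 missing or bad anti-forgery token"
    # 2. Defence in depth: a Referer naming another origin is rejected outright.
    referer = request["headers"].get("Referer", "")
    if referer and not referer.startswith(SITE_ORIGIN + "/"):
        return "403 cross-origin referer"
    return _do_transfer(session["user"], request["form"])


def simulate() -> Dict[str, str]:
    """Replay the post's scenario: the bank tab is logged in, and a second tab
    on hack-site.example submits a transfer that the browser decorates with
    the bank cookie.  Returns each handler's response and alice's balance."""
    BALANCES.update({"alice": 100, "mallory": 0})
    sid = login("alice")
    forged = {   # constructed: what the bank receives from the hack-site's POST
        "cookies": {"sid": sid},
        "headers": {"Referer": "https://hack-site.example/page"},
        "form": {"to": "mallory", "amount": "50"},
    }
    legit = {    # constructed: the bank's own form, token included
        "cookies": {"sid": sid},
        "headers": {"Referer": SITE_ORIGIN + "/transfer"},
        "form": {"to": "mallory", "amount": "10", "csrf_token": csrf_token_for(sid)},
    }
    return {
        "forged_vs_vulnerable": transfer_vulnerable(forged),
        "forged_vs_hardened": transfer_hardened(forged),
        "legit_vs_hardened": transfer_hardened(legit),
        "alice_balance": str(BALANCES["alice"]),
    }


if __name__ == "__main__":
    for name, result in simulate().items():
        print(f"{name}: {result}")
```

The token is the control that actually matters: the Referer header is set by the client (the RefControl extension mentioned above exists precisely to alter it, and privacy tools often strip it), so the hardened handler only uses it to reject obviously cross-origin requests and never to accept anything on its own.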

Filed under: Internet, Security No Comments